May 05, 2014
The critical vulnerability in OpenSSL dubbed Heartbleed has brought a lot of much needed attention to the security industry.
Note: All LoginTC systems were patched within hours of the news becoming public alongside communication campaigns with upgrade paths provided to all our administrators.
Users are spending more time online signed into services: accessing personal information, managing finances, accessing corporate assets and working remotely. Each time a user signs into a service they become susceptible to session takeover attacks. Using multi-factor authentication to sign in is the minimum needed to establish the session, but what about securing it once established?
Securing the communication link between user and service with SSL is a good idea, but doesn't go far enough. Session takeover attacks are indifferent to how the session was established. Security researchers at Mandiant uncovered VPN sessions originally protected with multi-factor authentication being taken over via the Heartbleed exploit. That means that even if multi-factor authentication was used to sign in, users are still exposed, as are the services and corporate assets they are connecting to. The longer a user session runs, the more susceptible to attack it becomes.
In a nutshell, Privileged Identity Management (PIM) focuses on managing, controlling and monitoring all powerful accounts within an enterprise: provisioning, access control, authentication, authorization, auditing, all that good stuff. It is a piece of identity management which is getting a lot of attention and will get a lot more, as most enterprises don't do privileged identity management right. Security firm BeyondTrust surveyed 265 IT decision makers and found 65% of organizations have controls in place to monitor privileged access, BUT 54% of those respondents stated that they could circumvent those controls! Check out the full findings of their Privilege Gone Wild survey.
A key component of PIM is authorization for short-term access. Where authentication establishes who you are, authorization establishes what you are allowed to do. Examples of critical actions:
- SSH as admin user into production host
- Becoming root user with sudo su on production host
- Signing into online banking account
- Transferring funds between accounts online
- Signing into online pension service
- Transferring funds between pension and personal banking account
Critical actions should be atomic and require short-term access with an out-of-band multi-factor authorization request. Atomic means the smallest possible attack footprint. Out-of-band makes it independent of how the session was established or maintained. Multi-factor makes it more secure. All wins.
For this to work the out-of-band authorization process must be secure, easy for administrators to manage and easy for end-users to use.
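As an added illustration of the atomic, short-term, out-of-band authorization described above (example code written for this post, not LoginTC's product or code): a small broker that issues an approval request bound to one exact action, delivers it to a separately enrolled device, and accepts a response only if it is signed by that device, still within its lifetime, and never used before. The broker and device names, the 60-second lifetime, the per-user shared secret and the sample action strings are all assumptions.

```python
"""
Action-bound, single-use, out-of-band authorization (added example, not LoginTC's code).

Properties modelled from the post:
  atomic      - one request covers one named action and is consumed on first use
  short-term  - a request expires after a small TTL
  out-of-band - approval is an HMAC produced by a separately enrolled device;
                the web/SSH session that asked for the action plays no part
                in verification, so a taken-over session cannot self-approve
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class ActionRequest:
    request_id: str
    user: str
    action: str        # human-readable text the user sees on the device
    session_id: str    # recorded for audit only; never grants approval
    issued_at: float
    ttl: float


def approval_message(request_id: str, user: str, action: str, decision: str) -> bytes:
    """Canonical bytes both sides MAC over: binds the tag to this exact request."""
    return f"{request_id}|{user}|{action}|{decision}".encode()


class AuthzBroker:
    """Issues action requests and verifies out-of-band device responses (hypothetical)."""

    def __init__(self, ttl_seconds: float = 60.0, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock                       # injectable for testing expiry
        self.device_secrets: dict[str, bytes] = {}  # assumption: set at enrolment
        self.pending: dict[str, ActionRequest] = {}

    def enroll_device(self, user: str) -> bytes:
        key = secrets.token_bytes(32)
        self.device_secrets[user] = key
        return key

    def request_authorization(self, user: str, action: str, session_id: str) -> ActionRequest:
        req = ActionRequest(
            request_id=secrets.token_hex(16), user=user, action=action,
            session_id=session_id, issued_at=self.clock(), ttl=self.ttl)
        self.pending[req.request_id] = req
        return req

    def verify_response(self, request_id: str, decision: str, tag: bytes) -> bool:
        """True only for a fresh, unexpired, correctly signed 'approve' response.

        The request is consumed on any response, so it is strictly single-use.
        """
        req = self.pending.pop(request_id, None)
        if req is None:
            return False                          # unknown or already used
        if self.clock() - req.issued_at > req.ttl:
            return False                          # short-term window elapsed
        key = self.device_secrets.get(req.user)
        if key is None:
            return False                          # no enrolled device
        expected = hmac.new(
            key, approval_message(req.request_id, req.user, req.action, decision),
            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False                          # not from the user's device, or altered
        return decision == "approve"


def device_respond(key: bytes, request_id: str, user: str, action: str, decision: str) -> bytes:
    """What the out-of-band device computes after the user reads the action text."""
    return hmac.new(key, approval_message(request_id, user, action, decision),
                    hashlib.sha256).digest()


def demo() -> bool:
    """Constructed walk-through: a privileged action approved once, then replayed."""
    broker = AuthzBroker(ttl_seconds=60.0)
    key = broker.enroll_device("alice")
    req = broker.request_authorization("alice", "sudo su on prod-db-01", "sess-42")
    tag = device_respond(key, req.request_id, req.user, req.action, "approve")
    first = broker.verify_response(req.request_id, "approve", tag)
    replay = broker.verify_response(req.request_id, "approve", tag)
    return first and not replay


if __name__ == "__main__":
    print("approved once, replay rejected:", demo())
```

The tag is computed over the action text itself, so the user approves exactly what the broker will execute and an approval for one request cannot be reused for a different action or a later request. The originating session id is stored for the audit trail but never consulted during verification; that is what makes the approval independent of how the session was established or whether it has since been taken over.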